websocket-implementation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill clearly ingests untrusted, user-generated content through runtime WebSocket handlers (e.g., io.on('connection') -> socket.on('message'), client ws.on('message'), the aiohttp/FastAPI websocket handlers reading data['content']) and via Redis pub/sub subscribe callbacks, which the agent reads and broadcasts — exposing it to indirect prompt injection.